This week, Apple and Google issued critical security updates due to multiple zero-day vulnerabilities which most likely have already been exploited. These kinds of vulnerabilities are called “zero-day” as this is the timeline for developers to fix these issues in order to prevent them from being exploited by malicious actors. Both Apple’s iOS and Google’s Chrome had to be updated ASAP to ensure protection from hackers and others.
An anonymous party reported that Google’s security update for its web browser addresses 11 security issues, with two zero-day vulnerabilities rated as “high severity”. Google hardly provided any details on the ‘where’ and ‘how’ of these issues. Apple also released an emergency update for its iOS, concerning Mac computers, iPhones, iPads, and Apple Watches. The update is supposed to fix zero-day vulnerabilities discovered by Citizen Lab, which allowed for exploitation by Pegasus, an invasive product of Israeli spyware provider NSO Group.
These most recent examples are only the tip of a huge iceberg of security threats in major software, amounting to almost 70 zero-day attacks within this year only – most of them targeted at products of Microsoft, Apple, and Google. There is an alarming trend towards serious cybersecurity attacks. In May 2021 alone, two major attacks were carried out – the Colonial Pipeline ransomware attack, which disrupted the distribution of almost half of the US East Coast’s fuel supply, and the attack shutting down the US production of the world’s largest meat producer, JBS. The scale and sophistication of cyberattacks had already intensified before the global pandemic, increasing the attack surface due to the growing interconnectedness of devices.
The frequency and growing threat of these attacks, however, was further accelerated by the outbreak of the pandemic and the changes it brought about, such as the shift to remote work and home schooling. The heightened need for and use of Internet infrastructure also require significant investments in cybersecurity efforts, as keeping IT ecosystems secure has become much more difficult. According to the Gartner Emerging Risks Monitor Report, cybersecurity increasingly becomes a top concern for executives, with 67% of senior executives stating that cybersecurity risks are their highest concern in 2021. Moreover, Gartner predicts that by 2023, the financial impact of attacks on cyber-physical systems will amount to more than $50 billion, creating significant losses for attacked organizations. On top of that, Gartner forecasts that by 2025, cyber attackers will be in possession of weaponized operational technology environments capable of harming and even killing humans.
As organizations all over the world are facing this challenge of rising vulnerabilities and intensifying threats, the need for a holistically secure IT ecosystem is obvious. At ThreeFold, we are determined to build this ecosystem. The design of our infrastructure provides unparalleled levels of security and our technology already has a lot to offer to achieve this extensive security – as we’re the only ones who started from scratch on the Linux kernel to build a full new cloud infrastructure that delivers compute, storage and network.
ThreeFold’s operating system, Zero-OS, is stateless, lightweight, and sets new standards of security and efficiency. It runs autonomously once booted, requiring no maintenance or administration. Given it has no shell, remote or server interface, it is much safer than the vast majority of other OSs on the market.
ThreeFold’s upcoming storage solution is the Quantum Safe Filesystem (QSFS), relying on three primitives of the ThreeFold technology: Zdb (the storage engine), Zstor (used to disperse the data into chunks) and Zdbfs (the filesystem driver). Learn more about the storage stack of ThreeFold here. Together, they form a storage layer that is quantum-secure – even an attacker with a quantum computer would not be able to decode users’ data, even if they managed to hack into a single storage node. ThreeFold is developing a prototype file browser that’s fully compatible with QSFS, which should set new security standards for web browsing.
And our Planetary Network is a peer-to-peer end-to-end encrypted global network, providing full privacy and security for everyone within the network. By using the Yggdrasil and Wireguard routing protocols, Threefold eliminates all forms of intermediaries and uses state-of-the-art cryptography to form private end-to-end overlay networks.
And we’re just getting started. As you probably know, our blockchain, TF Chain, will go live with our ThreeFold Grid 3.0 release. We’re working on secure solutions with our partners and have very exciting news to share with you very soon. Stay tuned!